Description

Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).

Remediation

References

CVE-2019-19212

Related Vulnerabilities

WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (5.9.0)

Oracle Application Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Cross-Site Scripting (1.5.4)

TYPO3 Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-9508)

Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)

Severity

Critical

Classification

CVE-2019-19212 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities